General

  • Target

    39e25d40141910ad54485632831d2125cf7254467a3540bc859c6b05ba0e86ab

  • Size

    1.2MB

  • Sample

    241110-cmrq7sxdrb

  • MD5

    995de912e0a516a12d5ea79a7b72a169

  • SHA1

    4d0e22e1fc82c510d652c516b8b013c1e7d68ace

  • SHA256

    39e25d40141910ad54485632831d2125cf7254467a3540bc859c6b05ba0e86ab

  • SHA512

    cc18a31cd5026fd5fca74b55fe04ac1ea78b69f938d37426372c73526cb49e36ed706793b0f4569b79161b2d37f3539c345d701bcb3a6a5a2539059eb74bec2d

  • SSDEEP

    24576:zGxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:zGMOKSUDNGQp9qKqFR4JUcDLqNp/b

Malware Config

Targets

    • Target

      39e25d40141910ad54485632831d2125cf7254467a3540bc859c6b05ba0e86ab

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks